[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WebSocket Live Chat - Cross-Site Scripting Vulnerability

Author
Alireza Norkazemi
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-30408
Category
web applications
Date add
22-05-2018
Platform
php
# Exploit Title: WebSocket Live Chat - Cross-Site Scripting
# Exploit Author: Alireza Norkazemi
# Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?s_rank=1
  
# POC :
1) Create your account and click setting icon and go to profile
2) Put this payload into Status box :
<script>alert('xss')</script>
3) The payload will be executed if someone opens your profile

#  0day.today [2024-12-24]  #